FC outlined a series of areas where organisational security is often weak.

Fences: fences can be too low, have gaps, or have places where nearby structures (signposts, trees) allow people to scale them

Windows: the fashion for offices built as big glass boxes continues; however any office where someone outside can look in and see documents, or perhaps more seriously observe people logging on to computer systems, is open to a data breach

CCTV: having security cameras is a great precaution unless they are facing the wrong way, can be tampered with by someone on foot (or even on someone’s shoulders), or have exposed wiring that is easily cut

Reception areas: these don’t just need to look good- they need to promote security; if there are places that receptionists can’t see then that’s a problem; likewise receptions that are easy to see into can be a problem, especially if they are sometimes left unstaffed (hint: make sure that there are always two people on security duty as it is easy to distract a single person)

Doors and gates: secure doors and gates are only useful if you can’t walk round them or if worn keypads don’t give the entry codes away!

Badges are essential – but not just for visitors: if only visitors have them, then any visitor who takes off their badge suddenly looks like a member of staff; and of course badges can be copied, especially if employees wear them openly when they leave their workplace

Locks: locks can offer protection, but only against honest people (most criminals can unpick locks in a few seconds); and they only work if they are used - security doors that are propped open are a too-common site

Magnetic locks on doors are harder to pick, but they will only protect your premises if they are on the inside of the door and not the outside (where they can simply be unscrewed)

Waste paper: confidential documents inadequately shredded and left in insecure locations obviously present a risk, from cleaners, temporary staff and passers-by; how scrupulous are your employees at shredding confidential documents (including those that didn’t print properly)?

Unlocked cupboards: you have locks on cupboards for a reason; leaving them unlocked is a security risk as well as being a symptom of lazy security thinking

Insecure disks: if a desk is covered with paper or has a computer that is never locked it represents a security risk as dishonest employees, visitors or intruders may well be able to find information that they find of value

Perhaps the most important part of keeping physically secure is the culture within your organisation. People staffing reception desks need to be aware of the tricks that unscrupulous people will play, and the methods they will use to gain sympathy and unwarranted help. Employees generally need to realise the importance of challenging strangers - and they must feel empowered to do this.

The good work of IT managers and CISOs to protect data can easily be undone if simple, but essential physical security precautions are ignored. Ensuring your security culture embraces physical breaches as well as IT security is the only way to have a chance of keeping safe.

About The Author

Jeremy Swinfen Green MA MBA is Head of Consulting at teiss. He has spent over 25 years advising organisations about digital technology and “human factors”, how people interact with technology. He has degrees from the University of Oxford and City University. He is the author of: "Cyber security: an introduction for non-technical managers" (Gower, 2015); "The weakest link" Bloomsbury, 2016) and "Digital Governance" (Routledge, 2020).

Related Posts

Ugandan doctors are giving new mothers artificial intelligence-enabled devices to remotely monitor their health in a first-of-its-kind study aiming to curb thousands of preventable maternal deaths across Africa, medics and …

Dima Bekerman and Sarit Yerushalmi, Security Research Managers at Imperva, reflect on the changes and trends in web application and database security that occurred in 2019. Web application vulnerabilities are often …